From bafeb6c7bc50efd11c6637921a50dd9cfdd53841 Mon Sep 17 00:00:00 2001 From: Steve Loughran Date: Sun, 18 Oct 2015 11:45:11 +0100 Subject: [PATCH] HADOOP-11628. SPNEGO auth does not work with CNAMEs in JDK8. (Daryn Sharp via stevel). --- .../authentication/server/KerberosAuthenticationHandler.java | 4 +++- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java index 846541b162b..c6d188170c6 100644 --- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java +++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java @@ -37,6 +37,7 @@ import javax.servlet.http.HttpServletResponse; import java.io.File; import java.io.IOException; +import java.net.InetAddress; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; @@ -342,7 +343,8 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler { authorization = authorization.substring(KerberosAuthenticator.NEGOTIATE.length()).trim(); final Base64 base64 = new Base64(0); final byte[] clientToken = base64.decode(authorization); - final String serverName = request.getServerName(); + final String serverName = InetAddress.getByName(request.getServerName()) + .getCanonicalHostName(); try { token = Subject.doAs(serverSubject, new PrivilegedExceptionAction() { diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 2f2ce6bd9f8..af10154602a 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -1234,6 +1234,9 @@ Release 2.8.0 - UNRELEASED HADOOP-12479. ProtocMojo does not log the reason for a protoc compilation failure. (cnauroth) + HADOOP-11628. SPNEGO auth does not work with CNAMEs in JDK8. + (Daryn Sharp via stevel). + OPTIMIZATIONS HADOOP-12051. ProtobufRpcEngine.invoke() should use Exception.toString()